{"id":113,"date":"2007-11-17T03:09:31","date_gmt":"2007-11-17T07:09:31","guid":{"rendered":"http:\/\/www.virtualroadside.com\/blog\/index.php\/2007\/11\/17\/make-bittorrentp2p-less-annoying-at-home-using-linux-iptables-and-qos\/"},"modified":"2007-11-17T03:09:31","modified_gmt":"2007-11-17T07:09:31","slug":"make-bittorrentp2p-less-annoying-at-home-using-linux-iptables-and-qos","status":"publish","type":"post","link":"https:\/\/www.virtualroadside.com\/blog\/index.php\/2007\/11\/17\/make-bittorrentp2p-less-annoying-at-home-using-linux-iptables-and-qos\/","title":{"rendered":"Make BitTorrent\/P2P less annoying at home using Linux, Iptables, and QoS"},"content":{"rendered":"<p>At home, I&#8217;ve been using a Linux router for as long as I can remember&#8230; since, a rather long time ago, I didn&#8217;t have money for a router but I happened to have an extra computer that I had been playing with Linux on. So, I developed an ipchains script (which I eventually converted to iptables) to do <a href=\"http:\/\/en.wikipedia.org\/wiki\/Network_address_translation\">NAT<\/a> on it, and it&#8217;s worked pretty well ever since then. I honestly don&#8217;t remember where I derived the script from, however.<\/p>\n<p>When I was in the dorms and afterwards in an apartment with others, we used my Linux router, since it was pretty simple and there&#8217;s a ton of things you can do with a Linux server. However, something we noticed (which wasn&#8217;t specific to this router) is that whenever someone was using BitTorrent or some other P2P app (you know, to download Linux distros and CC-licensed stuff), it would totally kill our internet access unless the person made their upload rate ridiculously low&#8230; which is fine, unless a visitor stops by, plugs in, and forgets to turn their torrents down.<\/p>\n<p>So, sometime last year I decided that there was probably a good way to filter different types of traffic so they don&#8217;t get excessive. 
Turns out, you can combine iptables and the QoS functionality of the kernel to do just that.<\/p>\n<p><!--more-->The really bare-bones explanation of how it works is like this:<\/p>\n<ol>\n<li> Using iptables, modify the mangle table to classify the streams of traffic by port, or by some other mechanism (like <a href=\"http:\/\/l7-filter.sourceforge.net\/\">l7filter<\/a>):\n<pre>iptables -t mangle -A POSTROUTING -o ${EXT_IFACE} -p tcp --dport 80 -j CLASSIFY --set-class 1:11<\/pre>\n<\/li>\n<li>Then, after setting up a qdisc structure (see the script), you can set the rate of the class using tc:\n<pre>tc class add dev $EXT_IFACE parent 1:1 classid 1:11  htb rate 115kbit ceil ${MAX_UPLOAD}kbit quantum 10000 burst 10000 prio 1<\/pre>\n<\/li>\n<li>And repeat.<\/li>\n<\/ol>\n<p>Obviously, it&#8217;s slightly more complicated than that, so refer to my scripts (they&#8217;re mostly commented) for more information. You need to ensure you have the netfilter and QoS extensions either built as modules (and loaded) or compiled into your kernel. I generally just make all of them as modules, and let the autoloader figure out what it needs. My script uses <a href=\"http:\/\/l7-filter.sourceforge.net\/\">l7filter<\/a> to try and classify traffic such as BitTorrent more accurately, which works pretty well.<\/p>\n<p>It&#8217;s important to notice that my setup only restricts uploads; it doesn&#8217;t really do anything significant on download speeds. But uploading is the big thing that kills you, since most cable modem and DSL connections have significantly lower upload rates compared to the download rate.<\/p>\n<p>In any case, using this setup has definitely improved our internet sharing. It doesn&#8217;t matter who happens to be torrenting or using some other high bandwidth application &#8212; your web browsing, email, and SSH still work with little to no slowdown. Makes for less fighting about bandwidth too. 
\ud83d\ude42<\/p>\n<p>For lots more detailed information, I would recommend the <a href=\"http:\/\/www.lartc.org\/\">LARTC<\/a> and <a href=\"http:\/\/www.netfilter.org\/\">Netfilter<\/a> websites, or Google it. That&#8217;s where I got most of my information from.<\/p>\n<p><a href=\"http:\/\/www.virtualroadside.com\/software\/\">Download link<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>At home, I&#8217;ve been using a Linux router for as long as I can remember&#8230; since, a rather long time ago, I didn&#8217;t have money for a router but I happened to have an extra computer that I had been playing with Linux on. So, I developed an ipchains script (which I eventually converted [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,6,31],"tags":[],"_links":{"self":[{"href":"https:\/\/www.virtualroadside.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/113"}],"collection":[{"href":"https:\/\/www.virtualroadside.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.virtualroadside.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.virtualroadside.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.virtualroadside.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=113"}],"version-history":[{"count":0,"href":"https:\/\/www.virtualroadside.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/113\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.virtualroadside.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.virtualroadside.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.virtualroadside.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?po
st=113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}